///

Michel Le Cocq 2020-06-23 09:42:29 +02:00
parent 68e07d5703
commit 13aa7a28d9

@ -1,102 +1,110 @@
## encrypt swap partition ## encrypt swap partition
sources : sources :
* [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS) * [wiki.archlinux.org - dm-crypt/Swap encryption](https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#LVM_on_LUKS)
* [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap) * [help.ubuntu.com - Enable Hibernate With Encrypted Swap](https://help.ubuntu.com/community/EnableHibernateWithEncryptedSwap)
~~~ ~~~
apt-get install ecryptfs-utils apt-get install ecryptfs-utils
swapoff -a swapoff -a
cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2 cryptsetup luksFormat --cipher aes-xts-plain64 --verify-passphrase --key-size 256 /dev/nvme0n1p2
cryptsetup open /dev/<device> cryptswap cryptsetup open /dev/<device> cryptswap
mkswap /dev/mapper/mkswap /dev/mapper/cryptswap mkswap /dev/mapper/cryptswap
~~~ Configure l'espace d'échange (swap) en version 1, taille = 31,1 GiB (33420210176 octets)
pas d'étiquette, UUID=4fd1ffc-6d5b-450a-9737-abf1ffb80b1
edit : /etc/default/grub ~~~
~~~ edit : /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=UUUUUUU"
~~~ ~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=UUID=4fd1ffc-6d5b-450a-9737-abf1ffb80b1"
~~~ ~~~
update-grub
~~~ ~~~
update-grub
Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow : ~~~
~~~ Now ajust /etc/fstab to use your mapper, replace your encrypt swap device like bellow :
/dev/mapper/cryptswap none swap discard 0 0
~~~ ~~~
/dev/mapper/cryptswap none swap discard 0 0
add your encrypt swap device define in /etc/crypttab ~~~
~~~ add your encrypt swap device define in /etc/crypttab
cryptswap /dev/nvme0n1p2 none luks
~~~ ~~~
cryptswap /dev/nvme0n1p2 none luks
~~~ ~~~
swapon -a
~~~ ~~~
swapon -a
Register these changes. ~~~
~~~ /!\ ici faut trouver comment on recupere le blkid de la partition swap
update-initramfs -u -k all
~~~ ~~~
printf "RESUME=UUID=/dev/mapper/cryptswap" | tee /etc/initramfs-tools/conf.d/resume
### to be solve ~~~
~~~ Register these changes.
cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
cryptsetup: WARNING: Couln't determine root device ~~~
~~~ update-initramfs -u -k all
~~~
## disable encrypt swap partition
### to be solve
* Turn off swap
~~~
~~~ cryptsetup: ERROR: Couln't resolve device rpool/ROOT/ubuntu_...
swapoff /dev/mapper/cryptswap1 cryptsetup: WARNING: Couln't determine root device
~~~ ~~~
* remove your encrypt swap device define in your /etc/crypttab ## disable encrypt swap partition
* ajust /etc/fstab to use your real swap partition * Turn off swap
~~~ ~~~
/dev/nvme0n1p2 none swap discard 0 0 swapoff /dev/mapper/cryptswap1
~~~ ~~~
* Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to * remove your encrypt swap device define in your /etc/crypttab
~~~ * ajust /etc/fstab to use your real swap partition
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=/dev/nvme0n1p2"
~~~ ~~~
/dev/nvme0n1p2 none swap discard 0 0
~~~ ~~~
update-grub
~~~ * Change your /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT to
* edit /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line. ~~~
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash resume=/dev/nvme0n1p2"
~~~ ~~~
RESUME=/dev/nvme0n1p2
~~~ ~~~
update-grub
Register these changes. ~~~
~~~ * edit /etc/initramfs-tools/conf.d/resume. Replace the existing RESUME line with the following line.
update-initramfs -u -k all
~~~ ~~~
RESUME=/dev/nvme0n1p2
* make your partition a swap ~~~
~~~ Register these changes.
mkswap /dev/nvme0n1p2
~~~ ~~~
update-initramfs -u -k all
* activate swap ~~~
~~~ * make your partition a swap
swapon -a
~~~ ~~~
mkswap /dev/nvme0n1p2
~~~
* activate swap
~~~
swapon -a
~~~